That depends. The OP only talks about "the user", he doesn't talk about the environment. If the OP writes a program that's run with the permissions of the user (that is, asking the user for a database user name and password), you don't need to worry about SQL attacks - the program can't do anything the user couldn't do already. If the user has permission to drop the database, he doesn't need your program to drop it. If he doesn't have permission, the program wouldn't give it to him.

Not every program is a web program. And even then, if I were to create a web program where I wanted to let users type in queries, I'd create a database user with only permissions to query - and only query the tables the webusers are allowed to see, and use that user to log in from my web program. That way, you are protecting the data at its source, and you only have to do it once, not for every possible program.